Extracting symbol info out of processes at runtime
From: P. de Boer (pieter_at_thelostparadise.com)
Date: 04/28/04
- Previous message: M. Warner Losh: "Re: hostap TX fix in 5.x"
- Next in thread: Dag-Erling Smørgrav: "Re: Extracting symbol info out of processes at runtime"
- Reply: Dag-Erling Smørgrav: "Re: Extracting symbol info out of processes at runtime"
- Reply: John-Mark Gurney: "Re: Extracting symbol info out of processes at runtime"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: freebsd-hackers@freebsd.org Date: Wed, 28 Apr 2004 17:59:21 +0200
Hello -hackers,
This is going to be a bit lengthy, but bear with me please, it's an
interesting topic if I may say so :)
For a little private project I'm working at, I need to find the address
of a function which is inside a shared library of a running process, OR
the base address the library is running at (in that case, I can simply
do a base_address+known_offset_of_function). The executable nor
libraries have their symbols stripped.
To find the address of a certain function, I tried the ptrace program
from http://www.linuxgazette.com/issue85/sandeep.html (which tries to
find a link_map at GOT+4 by finding GOT in the dynamic section found in
the program header), but that didn't seem to work out too well: strcpy()
was found, but the symbol I was looking for wasn't. I am a bit unsure
why, but perhaps it was because the symbol is probably only local to the
library, if that's even possible.
Because I lacked ELF clue and couldn't figure out what was going on, I
started to write an elf-info program, which uses ptrace() to extract the
ELF header, the program header table and the section header table from a
running process. However, when I dump the section header table, all I
get is garbage. man 5 elf states that the e_shoff field of the ELF
header defines the offset of the section header table. When I dump the
memory of 0x08048000+e_shoff in gdb, I'm getting different data than I'm
seeing in the file on disk at offset e_shoff. So, apparantly the section
header table isn't stored there at runtime, despite what the field
e_shoff may say.
Is there anyone here who might shed a light on this? Where has it gone?
I started this e-mail stating I wanted to find the address of a symbol
or the base address of a shared library. I don't know yet if I really
need to have the section header table for this, or rather go to the
dynamic section found in the program header. I was going to find that
out writing my elf-info program, but that wasn't really a success as you
see. If anyone can elaborate on that issue as well, I would be most
thankful.
PS: The sources to the program can be found at
http://thelostparadise.com/troep/elfinfo.c
-- With regards, Pieter de Boer _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
- Previous message: M. Warner Losh: "Re: hostap TX fix in 5.x"
- Next in thread: Dag-Erling Smørgrav: "Re: Extracting symbol info out of processes at runtime"
- Reply: Dag-Erling Smørgrav: "Re: Extracting symbol info out of processes at runtime"
- Reply: John-Mark Gurney: "Re: Extracting symbol info out of processes at runtime"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
